The spam on this board is OUT OF CONTROL.
Moderator: staff
The spam on this board is OUT OF CONTROL.
Something needs to be done about all the spam on the board. It's EVERYWHERE. On main, in place, anywhere where people frequently post, there's a spammer, and nothing seems to be done about it, no matter how much I hit the report post button.
There's a spammer here who has *26* posts! TWENTY-SIX. How the hell is this allowed to happen?
I understand that staff have lives and priorities outside of this board, but the amount of spam is absolutely ridiculous.
If there is this much spam on the board, then just how secure is the board? When was the last time the forum software was updated? Where did LITERALLY half the emoticons and skins go? Why do things that used to work no longer work anymore (here's looking at you, HTML, delete post function in place)?
This is worrying. What's being done? Is there control of the upgrade of the board anymore?
There's a spammer here who has *26* posts! TWENTY-SIX. How the hell is this allowed to happen?
I understand that staff have lives and priorities outside of this board, but the amount of spam is absolutely ridiculous.
If there is this much spam on the board, then just how secure is the board? When was the last time the forum software was updated? Where did LITERALLY half the emoticons and skins go? Why do things that used to work no longer work anymore (here's looking at you, HTML, delete post function in place)?
This is worrying. What's being done? Is there control of the upgrade of the board anymore?
-marya hornbacher
spidey immer voran
(spidey ever onward)
- treasure
- forum moderator - workshop & before & after
- Posts: 11079
- Joined: Wed Feb 25, 2004 8:32 pm
- Gender: f
- Location: Melbourne, Australia
Re: The spam on this board is OUT OF CONTROL.
the number of posts is not all that controllable, since a spam bot can keep posting as fast as the forum will allow it to. imo admins do get rid of spam quite quickly, but maybe there need to be more admins or more frequently visits by admins?
updates, upgrades, themes etc are all under the control of sine nomine who i don't think is interested in keeping them updated, although an upgrade to phpBB3 was done in the past few years. (happened to break avatar updating and that hasn't been fixed either). i don't think sine nomine should be in control of so many admin functions while not being an active administrator, but there's not a whole lot we can do about that.
updates, upgrades, themes etc are all under the control of sine nomine who i don't think is interested in keeping them updated, although an upgrade to phpBB3 was done in the past few years. (happened to break avatar updating and that hasn't been fixed either). i don't think sine nomine should be in control of so many admin functions while not being an active administrator, but there's not a whole lot we can do about that.
Re: The spam on this board is OUT OF CONTROL.
Gaball Screen, thanks for reporting the "26-er" - I have deactivated the account and have done a generic IP-ban which should be the end of that one.
Typically the spammers are not script-kiddies who do spam-bots - the CAPTCHA which is part of BUS registration blocks most of them. Rather, they are unpleasant people whose IP addresses are (surprise...) apparently mainly from China, Russia and Ukraine - your 26-er was from China.
Most of the spam is tedious but innocent (links to porn and on-line pharmacy sites are obvious exceptions).
I can assure you that all members of the staff team take spam seriously. The mods move all of the spam that their permissions allow and the admins deactivate spam accounts as fast as they can (eg, so far today I have deactivated ~10 spammers who have posted and pre-emptively deactivated another ~10 accounts).
Typically the spammers are not script-kiddies who do spam-bots - the CAPTCHA which is part of BUS registration blocks most of them. Rather, they are unpleasant people whose IP addresses are (surprise...) apparently mainly from China, Russia and Ukraine - your 26-er was from China.
Most of the spam is tedious but innocent (links to porn and on-line pharmacy sites are obvious exceptions).
I can assure you that all members of the staff team take spam seriously. The mods move all of the spam that their permissions allow and the admins deactivate spam accounts as fast as they can (eg, so far today I have deactivated ~10 spammers who have posted and pre-emptively deactivated another ~10 accounts).
Alone we are born
And die alone
Yet see the red-gold cirrus
Over snow-mountain shine.
From High Country Weather, James K Baxter
You walk with an intelligence
That informs a clear bright eye
There are unexpected revelations
In the company of ravens.
From In The Company Of Ravens, Maddy Prior
And die alone
Yet see the red-gold cirrus
Over snow-mountain shine.
From High Country Weather, James K Baxter
You walk with an intelligence
That informs a clear bright eye
There are unexpected revelations
In the company of ravens.
From In The Company Of Ravens, Maddy Prior
Re: The spam on this board is OUT OF CONTROL.
I don't mean any disrespect, but as an ex-mod, how the hell is this allowed to happen? I imagine it has to be a massive PITA for y'all to swat down spammers as admins (and as I remember, it was for me as a mod), but the amount of spam that seems to be getting through the CAPTCHA (which has been proven to be ineffective from a security standpoint) and even allowed to register in general is absolutely INSANE. I just logged on and there's 4 more accounts who are spamming place!kiwi33 wrote:Gaball Screen, thanks for reporting the "26-er" - I have deactivated the account and have done a generic IP-ban which should be the end of that one.
Typically the spammers are not script-kiddies who do spam-bots - the CAPTCHA which is part of BUS registration blocks most of them. Rather, they are unpleasant people whose IP addresses are (surprise...) apparently mainly from China, Russia and Ukraine - your 26-er was from China.
Most of the spam is tedious but innocent (links to porn and on-line pharmacy sites are obvious exceptions).
I can assure you that all members of the staff team take spam seriously. The mods move all of the spam that their permissions allow and the admins deactivate spam accounts as fast as they can (eg, so far today I have deactivated ~10 spammers who have posted and pre-emptively deactivated another ~10 accounts).
I hate to be a turd, but I'm calling the SECURITY of the board into question. A board that is fully updated and patched should NOT have the kind of spam/BS issues that seem to be endemic on the board. If the board is vulnerable to spammers...what else is it vulnerable to?
Honest question.
-marya hornbacher
spidey immer voran
(spidey ever onward)
Re: The spam on this board is OUT OF CONTROL.
No disrespect taken, I don't think that you are a turd and I appreciate your honest question.
The board is currently running under phpBB v3.0.10. The latest version is v3.0.11. As far as I can see from the phpBB Web site, the differences between these versions are essentially cosmetic, though I could be wrong. I have the impression that your technical computing expertise exceeds mine (I used to write code, mainly FORTRAN, some C++, but that was some time ago). Maybe you could have a look at the phpBB site - if you spot anything important, let me know by PM and I will raise it on the admin forum.
As far as security is concerned, the board is secure in the sense that if I Google "Gaball Screen" (or the screen-name of any other member), nothing relevant to BUS is revealed.
The board is currently running under phpBB v3.0.10. The latest version is v3.0.11. As far as I can see from the phpBB Web site, the differences between these versions are essentially cosmetic, though I could be wrong. I have the impression that your technical computing expertise exceeds mine (I used to write code, mainly FORTRAN, some C++, but that was some time ago). Maybe you could have a look at the phpBB site - if you spot anything important, let me know by PM and I will raise it on the admin forum.
As far as security is concerned, the board is secure in the sense that if I Google "Gaball Screen" (or the screen-name of any other member), nothing relevant to BUS is revealed.
Alone we are born
And die alone
Yet see the red-gold cirrus
Over snow-mountain shine.
From High Country Weather, James K Baxter
You walk with an intelligence
That informs a clear bright eye
There are unexpected revelations
In the company of ravens.
From In The Company Of Ravens, Maddy Prior
And die alone
Yet see the red-gold cirrus
Over snow-mountain shine.
From High Country Weather, James K Baxter
You walk with an intelligence
That informs a clear bright eye
There are unexpected revelations
In the company of ravens.
From In The Company Of Ravens, Maddy Prior
Re: The spam on this board is OUT OF CONTROL.
There is nothing we can do about the board software. The admins try to keep bus as safe and stable as we possibly can and to be honest, most people say that spam is dealt with pretty quickly and efficiently. I'm sorry that your experience is different. If you have any ideas, please let us know, but keep in mind that there is nothing we can do about the board software.
Mia
Mia
Re: The spam on this board is OUT OF CONTROL.
There will be spam no matter how hard one tries, and I get that, I understand that. I know enough about computers/forum software/PHP to realise that the fight against spam is an often futile one.
Suggestions:
- CAPTCHA. It's old. It's insecure. Really, it's pathetic and most secure forums/places won't even bother with it except to verify posts and cursory verification of registration. It's the "I guess I should do ...something" of the Internet world if people don't want to improve security measures or somehow can't. With a messageboard like BUS, it'd be best to piggyback CAPTCHA with something a bit more secure, like email activation and the details of which I've expounded on below.
- If email activation doesn't exist for accounts, it should. It's easy and an admin can implement that - I know for a fact that it's a feature on most message boards - new users are required to activate not only their email address but maybe put in an alphanumeric code to verify that they're, in fact, human and not a spambot. Another forum I'm on actually requires new users to update their profiles by selecting a dropdown box asking them if they're a spammer or not. N/A or Yes gets them automatically banned and deactivated. I'm sure it wouldn't be difficult to implement this.
I know that you can't mess with the software, but seriously - keeping tabs to the latest and greatest THAT IS NOT BETA is always helpful and can mean that you can head off BS before it starts. Of course, this means that you'll have to keep tabs on the beta versions and the security flaws within them, but an updated software system (even if things get broken) is a more stable and secure system (and do not. even. get me going. on all the broken shit. there is. here. HELLO HTML WHERE ARE YOUUUUU)
Suggestions:
- CAPTCHA. It's old. It's insecure. Really, it's pathetic and most secure forums/places won't even bother with it except to verify posts and cursory verification of registration. It's the "I guess I should do ...something" of the Internet world if people don't want to improve security measures or somehow can't. With a messageboard like BUS, it'd be best to piggyback CAPTCHA with something a bit more secure, like email activation and the details of which I've expounded on below.
- If email activation doesn't exist for accounts, it should. It's easy and an admin can implement that - I know for a fact that it's a feature on most message boards - new users are required to activate not only their email address but maybe put in an alphanumeric code to verify that they're, in fact, human and not a spambot. Another forum I'm on actually requires new users to update their profiles by selecting a dropdown box asking them if they're a spammer or not. N/A or Yes gets them automatically banned and deactivated. I'm sure it wouldn't be difficult to implement this.
I know that you can't mess with the software, but seriously - keeping tabs to the latest and greatest THAT IS NOT BETA is always helpful and can mean that you can head off BS before it starts. Of course, this means that you'll have to keep tabs on the beta versions and the security flaws within them, but an updated software system (even if things get broken) is a more stable and secure system (and do not. even. get me going. on all the broken shit. there is. here. HELLO HTML WHERE ARE YOUUUUU)
-marya hornbacher
spidey immer voran
(spidey ever onward)
Re: The spam on this board is OUT OF CONTROL.
Email activation should be in place for accounts. It's enabled in the admin panel. If I weren't about to go to bed I'd set up an email account to test it. Poke me tomorrow and I'll try to do it after work.
I don't think we can do auto-bans via the profile (otherwise all the spammers whose gender is "Volkswagen" would not be here...) but it's possible we could set up a question instead of the CAPTCHA. I'm not sure if that would be any more effective, as you have more experience with it than me, what do you reckon? It might be easier for visually impaired people, too.
Software updates are probably not going to happen as they require Deb. We're aware of the broken stuff, themes, html etc. It all needs Deb's attention.
I don't think we can do auto-bans via the profile (otherwise all the spammers whose gender is "Volkswagen" would not be here...) but it's possible we could set up a question instead of the CAPTCHA. I'm not sure if that would be any more effective, as you have more experience with it than me, what do you reckon? It might be easier for visually impaired people, too.
Software updates are probably not going to happen as they require Deb. We're aware of the broken stuff, themes, html etc. It all needs Deb's attention.
A nevem Corti és papírzsepi vagyok meg gumikígyó jövetele!
Re: The spam on this board is OUT OF CONTROL.
As Milvus said, e-mail activation is enabled.Milvus wrote:Email activation should be in place for accounts. It's enabled in the admin panel. If I weren't about to go to bed I'd set up an email account to test it. Poke me tomorrow and I'll try to do it after work.
I don't think we can do auto-bans via the profile (otherwise all the spammers whose gender is "Volkswagen" would not be here...) but it's possible we could set up a question instead of the CAPTCHA. I'm not sure if that would be any more effective, as you have more experience with it than me, what do you reckon? It might be easier for visually impaired people, too.
Software updates are probably not going to happen as they require Deb. We're aware of the broken stuff, themes, html etc. It all needs Deb's attention.
Re spambot measures, I just had a look and there is an option to set up a question like you said (although not a dropdown menu, an empty field). Would that work better for disabled users? If so, it might be something we can talk about.
Updates would be good (although from what Kiwi said, it doesn't sound very useful at this point), but there really is nothing we can do about it. I feel a bit frustrated because I hear that you think this needs to be done and that you have strong feelings about it and there is nothing I can do and there's no good answer I can give you. (those are my feelings only, not speaking for anyone else.) It feels like you are telling me that I should be doing this and not fully listening when I say I can't. Not saying this is what's happening, just that it's what I feel. I have a lot of respect for you, as I hope you know! And your input is really appreciated.
Mia
Re: The spam on this board is OUT OF CONTROL.
I don't know how accessible questions would be for disabled users; that is something that Admins would have to look into...that and if it would be too much of a burden for users themselves...
I am not mad at you; I'm just mad at the situation. I understand that there is not very much that you can do about it -- I don't mean to be offensive or rude it's just from a security standpoint when I see a flaw I pounce on it like ants on a leaf I get to sounding heavy handed sometimes....oops
I am not mad at you; I'm just mad at the situation. I understand that there is not very much that you can do about it -- I don't mean to be offensive or rude it's just from a security standpoint when I see a flaw I pounce on it like ants on a leaf I get to sounding heavy handed sometimes....oops
-marya hornbacher
spidey immer voran
(spidey ever onward)
- amerylis
- board admin emeritus
- Posts: 6806
- Joined: Fri Oct 22, 2004 5:33 pm
- Gender: Female
- Location: UK
Re: The spam on this board is OUT OF CONTROL.
Speaking as a dyslexic person a question would be easier than a captcha and questions are cope-able with by screen-readers, which would also benefit fellow dyslexic people and those with visual impairments. What do others think?
~~Panda~~
6000 - 6999 - awe-inspiring
~my Place~ all welcome
To the world you are one person, but to one person you may be the world.
3 years SI free since May 2013
6 years SI free Jan 2007 - Feb 2013 with lapses in March/April 2013
6000 - 6999 - awe-inspiring
~my Place~ all welcome
To the world you are one person, but to one person you may be the world.
3 years SI free since May 2013
6 years SI free Jan 2007 - Feb 2013 with lapses in March/April 2013
Re: The spam on this board is OUT OF CONTROL.
It's okay I totally understand the frustration. I hope that something good will come out of this conversation, you bring up really good points.Gaball Screen wrote:I don't know how accessible questions would be for disabled users; that is something that Admins would have to look into...that and if it would be too much of a burden for users themselves...
I am not mad at you; I'm just mad at the situation. I understand that there is not very much that you can do about it -- I don't mean to be offensive or rude it's just from a security standpoint when I see a flaw I pounce on it like ants on a leaf I get to sounding heavy handed sometimes....oops
Mia
Re: The spam on this board is OUT OF CONTROL.
I think that amerylis makes a good point about a question rather than a CAPTCHA - a question would be accessible to real people but would defeat spambots.
It could be quite simple:
(1) Please rank the following animals in terms of how big they are (biggest first): mouse, zebra, whale, cat.
(2) Please rank the following numbers in terms of how large they are (largest first): seven, fifty, two, ten.
Easy for people, probably impossible for spambots.
It could be quite simple:
(1) Please rank the following animals in terms of how big they are (biggest first): mouse, zebra, whale, cat.
(2) Please rank the following numbers in terms of how large they are (largest first): seven, fifty, two, ten.
Easy for people, probably impossible for spambots.
Alone we are born
And die alone
Yet see the red-gold cirrus
Over snow-mountain shine.
From High Country Weather, James K Baxter
You walk with an intelligence
That informs a clear bright eye
There are unexpected revelations
In the company of ravens.
From In The Company Of Ravens, Maddy Prior
And die alone
Yet see the red-gold cirrus
Over snow-mountain shine.
From High Country Weather, James K Baxter
You walk with an intelligence
That informs a clear bright eye
There are unexpected revelations
In the company of ravens.
From In The Company Of Ravens, Maddy Prior
Re: The spam on this board is OUT OF CONTROL.
there is only one option in the admin panel :are you a spambot? if you type no with a capital no, you're fine. paraphrased, I'm on my phone right now.
Re: The spam on this board is OUT OF CONTROL.
We can add more questions quite easily, I like Kiwi's suggestions because a bot is unlikely to come up with the answer randomly.
A nevem Corti és papírzsepi vagyok meg gumikígyó jövetele!
Re: The spam on this board is OUT OF CONTROL.
I think the key question is: What options does the phpBB software allow (including newer versions if relevant)? I mean, it's all very well criticising the spam-prevention features of phpBB, but that's not something the admins here can resolve.
There is some info from phpBB at https://www.phpbb.com/community/viewtopic.php?t=2122696 , which lists which CAPTCHAs are no longer recommended, and says that CAPTCHAs based on questions are most effective. However, that doesn't mean such questions are impossible for spambots, they will be able to answer some kinds of questions (not to mention that one way that spammers get round CAPTCHAs is by farming them out to humans to answer). The link I gave gives recommendations of questions that are effective:
There is some info from phpBB at https://www.phpbb.com/community/viewtopic.php?t=2122696 , which lists which CAPTCHAs are no longer recommended, and says that CAPTCHAs based on questions are most effective. However, that doesn't mean such questions are impossible for spambots, they will be able to answer some kinds of questions (not to mention that one way that spammers get round CAPTCHAs is by farming them out to humans to answer). The link I gave gives recommendations of questions that are effective:
I'd have thought that question based CAPTCHAs would be better for disabled users (since text to speech programs would still pick them up, and no issues for visually impaired people trying to recognised images - even without any disability, I find myself unable to read quite a lot of the image based CAPTCHAs...) I mean, if someone can read the website, they should be able to read the question."What programming language is phpBB written in?" is an effective question, while "What colour is the sky?" or "2+2 = ?" are not. These questions are particularly effective on niche forums where one can ask a question that is not immediately obvious to the general populace.
Also very effective are questions of the type:
Q: What are the first three and last three characters of this board's URL ?
A: phpity
Q: Grass is to lawn as __________ is to forest.
A: trees
Or:
Q:Forest is to lawn as grass is to ______________.
A: trees
Re: The spam on this board is OUT OF CONTROL.
This is the best answer ever in the history of answer-kind.emark wrote:I think the key question is: What options does the phpBB software allow (including newer versions if relevant)? I mean, it's all very well criticising the spam-prevention features of phpBB, but that's not something the admins here can resolve.
There is some info from phpBB at https://www.phpbb.com/community/viewtopic.php?t=2122696 , which lists which CAPTCHAs are no longer recommended, and says that CAPTCHAs based on questions are most effective. However, that doesn't mean such questions are impossible for spambots, they will be able to answer some kinds of questions (not to mention that one way that spammers get round CAPTCHAs is by farming them out to humans to answer). The link I gave gives recommendations of questions that are effective:
I'd have thought that question based CAPTCHAs would be better for disabled users (since text to speech programs would still pick them up, and no issues for visually impaired people trying to recognised images - even without any disability, I find myself unable to read quite a lot of the image based CAPTCHAs...) I mean, if someone can read the website, they should be able to read the question."What programming language is phpBB written in?" is an effective question, while "What colour is the sky?" or "2+2 = ?" are not. These questions are particularly effective on niche forums where one can ask a question that is not immediately obvious to the general populace.
Also very effective are questions of the type:
Q: What are the first three and last three characters of this board's URL ?
A: phpity
Q: Grass is to lawn as __________ is to forest.
A: trees
Or:
Q:Forest is to lawn as grass is to ______________.
A: trees
-marya hornbacher
spidey immer voran
(spidey ever onward)
Re: The spam on this board is OUT OF CONTROL.
I have nothing useful to add, besides to say thanks for working on this. Spam is scary.
"What we see is not reality in itself, but reality exposed to our method of questioning." Werner Heisenberg, 1901
"It went wrong.
But you are still here.
So it went right, too."
~Nisi
Re: The spam on this board is OUT OF CONTROL.
Agrees with Bearcat. At the moment there seems to be five on them online. Away to logout!
Smile It Confuses People
Learn from yesterday, live for today - hope for tomorrow"
Learn from yesterday, live for today - hope for tomorrow"
Re: The spam on this board is OUT OF CONTROL.
can i just ask why isn't deb keeping up with the board maintenance? i understand that she's got a life away from the board, but if she isn't able to maintain the board wouldn't it be a good idea to allow others to?
Where all the lights are bright, downtown
Waiting for you tonight, downtown
You're gonna be alright now, downtown
Who is online
Users browsing this forum: No registered users and 10 guests